17 Repos
Utilities for inspecting and decompiling intermediate bytecode formats.
Explore 17 awesome GitHub repositories matching part of an awesome list · Bytecode Analysis Tools. Refine with filters or upvote what's useful.
dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool
A debugger and .NET assembly editor for bytecode analysis.
dex2jar is an Android dex decompiler and reverse engineering tool designed to convert Dalvik executable bytecode into Java class files. It functions as a bytecode converter that transforms compiled Android binaries into a format compatible with standard Java analysis tools. The project facilitates Android app decompilation and Java bytecode recovery by translating executable files into readable structures. This allows for the analysis of application logic and the identification of security vulnerabilities or malicious behavior during Android malware analysis. The tool performs static bytecod
Parses binary dex files to extract class hierarchies and method signatures through static analysis.
de4dot is a .NET deobfuscator and unpacker designed to reverse obfuscation and restore readable code and metadata within .NET assemblies. It functions as a bytecode analyzer that simplifies control flow, strips anti-debugging protections, and extracts original payloads from packed executable wrappers. The project distinguishes itself through a modular deobfuscation pipeline and a sandbox environment used for dynamic string decryption, which executes decryption methods to replace encrypted strings with plain-text values. It can identify specific obfuscation tools through pattern-based binary a
Analyzes Common Intermediate Language bytecode to simplify control flow and remove junk instructions.
JerryScript is a lightweight, ECMAScript-compliant JavaScript engine and bytecode compiler designed for resource-constrained devices. It serves as an embedded interpreter and IoT scripting runtime, enabling the execution of JavaScript code within native C applications on hardware with limited memory. The project differentiates itself through a focus on low-memory runtime management, utilizing bytecode precompilation and pre-compiled state snapshots to reduce startup time and memory overhead. It features a C-binding native bridge for bidirectional communication between native code and scripts,
Provides the ability to dump generated bytecode into a human-readable format for analysis.
Recaf ist eine Suite spezialisierter Tools zum Assemblieren, Bearbeiten, Deobfuskieren, Dekompilieren und Instrumentieren von Java-Bytecode und Laufzeitprozessen. Es bietet eine koordinierte Umgebung zum Modifizieren kompilierter Java-Klassendateien und zum Analysieren des Verhaltens von Java-Anwendungen. Das Projekt zeichnet sich durch eine mehrstufige Abstraktionsschicht aus, die das Bearbeiten über verschiedene Formate hinweg ermöglicht, sowie durch ein steckbares Framework, das Bytecode durch mehrere konfigurierbare Dekompilierungs-Engines leitet. Es enthält eine eingebettete Skript-Engine und eine Plugin-Architektur, um repetitive Aufgaben zu automatisieren und das Systemverhalten zu erweitern. Das Toolset deckt mehrere hochrangige Funktionsbereiche ab, einschließlich statischer Analyse für die Suche nach Anwendungsinhalten und der Simulation von Methodenausführungszuständen. Es unterstützt zudem Laufzeitinstrumentierung für das Anhängen an Live-Prozesse und automatisierte Bytecode-Transformation zum Entfernen von Obfuskation und Reparieren von Klassendateien. Headless-Ausführung wird über ein Command-Line-Interface unterstützt, um Workflows in externe Build-Pipelines zu integrieren.
Provides a pluggable framework that routes bytecode through multiple interchangeable decompilers.
Smali is a two-way binary translation toolset designed to convert Dalvik bytecode to human-readable assembly and back again. It provides a mechanism for the disassembly and assembly of executable files used in virtual machine environments. The project enables the modification of compiled Android application logic by transforming binary files into editable assembly and rebuilding them. It is used for reverse engineering, malware analysis, and the study of low-level instructions to identify program behavior or security flaws. The toolkit covers binary construction through smali code assembly a
Disassembles Dalvik bytecode into human-readable assembly while preserving annotations and debug information.
Reverse engineering and pentesting for Android applications
Decompiles Dalvik bytecode into human-readable assembly instructions for security analysis.
JPEX Software is a comprehensive reverse engineering suite for SWF binary files, serving as an ActionScript decompiler and editor. It provides a toolkit for decompiling, analyzing, and modifying the internal structure of compiled Flash content, including the extraction of scripts and media assets. The project is distinguished by its ability to perform direct binary modification, allowing users to edit bytecode and replace embedded resources without reverting to high-level source code. It includes a runtime ActionScript bytecode debugger for variable inspection and call stack analysis, as well
Ships a powerful ActionScript decompiler that transforms compiled bytecode back into human-readable source code.
Steamless ist ein spezialisiertes Utility, das darauf ausgelegt ist, SteamStub-DRM-Wrapper von Spiele-Binärdateien zu entfernen. Es fungiert als Entschlüsseler und Entpacker, der diese Schutzschichten entfernt, um die rohen Binärdaten der ursprünglichen Anwendung wiederherzustellen. Durch das Entfernen des plattformspezifischen Wrappers stellt das Tool ursprüngliche Einstiegspunkte wieder her und ermöglicht es Binärdateien, ohne eine authentifizierte Plattforminstanz zu laufen. Dieser Prozess bereitet Spiele-Binärdateien für Modifikationen vor, indem die Schichten entfernt werden, die normalerweise Drittanbieter-Tools den Zugriff auf den Code verwehren. Das Projekt nutzt statisches Binär-Entpacken, lineares Binär-Scanning und musterbasierte Bytecode-Analyse, um Payload-Grenzen zu identifizieren und ursprüngliche ausführbare Strukturen zu rekonstruieren.
Utilizes pattern-based bytecode analysis to identify DRM wrapper boundaries within executable files.
This project is a comprehensive Android reverse engineering suite that functions as a decompiler, bytecode deobfuscator, and malware analysis tool. It is designed to convert APK, DEX, and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine. The platform is distinguished by its integration with Frida for dynamic analysis, allowing users to hook methods, inject custom JavaScript, and dump device memory in real time. It also features specialized security engines, including a taint propagation engine and a stack-state machine, to
Translates Dalvik bytecode into readable source code using a structured algorithm to recover program logic.
Fernflower ist ein Java-Bytecode-Decompiler und Reverse-Engineering-Tool. Es transformiert kompilierte Java-Klassendateien zurück in menschenlesbaren Java-Quellcode, um die ursprüngliche Programmlogik und Variablennamen zu rekonstruieren. Das Tool fungiert als Befehlszeilen-Bytecode-Prozessor, der in der Lage ist, Java-Archive und Klassendateien im Batch-Verfahren zu verarbeiten. Es handhabt speziell die Analyse von obfuscated Code, indem es mehrdeutige Identifikatoren umbenennt und Namenskonflikte auflöst, um den resultierenden Quellcode leichter nachvollziehbar zu machen. Das System nutzt statische Analyse, um Bytecode in Quellcode umzuwandeln, und verwendet die Extraktion von Debug-Informationen, um lokale Variablennamen wiederherzustellen. Es rekonstruiert Programmstrukturen durch Kontrollflussgraphen-Analyse, Typinferenz und die Generierung eines abstrakten Syntaxbaums.
Functions as a bytecode decompiler that transforms compiled class files back into human-readable Java source code.
python-uncompyle6 ist ein Python-Bytecode-Decompiler und Reverse-Engineering-Tool, das darauf ausgelegt ist, kompilierte Bytecode-Dateien zurück in menschenlesbaren Quellcode zu konvertieren. Es fungiert als Quellcode-Wiederhersteller und Bytecode-Disassembler, was die Analyse interner Programmlogik und die Rekonstruktion ursprünglicher Sprachkonstrukte ermöglicht. Das Tool bietet Cross-Version-Unterstützung, was die Analyse und Wiederherstellung von Quellcode aus Bytecode ermöglicht, der über verschiedene Versionen des Python-Interpreters hinweg erstellt wurde. Dies erlaubt den Betrieb als Cross-Version-Bytecode-Analyzer, der unterschiedliche Instruktionssätze unabhängig von der zur Ausführung des Tools verwendeten Version interpretieren kann. Die Funktionen decken Bytecode-Analyse und Programminspektion ab, einschließlich der Möglichkeit, Instruktionen mit interpretierten Flags und Operanden aufzulisten. Das System kann Quellcode aus ganzen Dateien oder spezifischen fragmentierten Segmenten, wie Lambda-Bodys und List Comprehensions, durch Abbildung von Bytecode-Offsets auf Quellfragmente rekonstruieren.
Provides the ability to list Python bytecode instructions with flags and operands for manual code analysis.
pycdc is a reverse engineering toolset that decompiles and disassembles compiled Python bytecode files back into readable source code. It parses .pyc file headers, reconstructs abstract syntax trees from bytecode instructions, and handles version-specific opcodes across Python versions 1.0 through 3.13 with endian-aware binary parsing. The tool recovers numeric constants, string literals, and marshalled Python objects from compiled bytecode, supporting both file-based and in-memory bytecode loading. It provides a human-readable disassembly listing of bytecode instructions alongside full sourc
Translate compiled Python bytecode back into readable source code by analyzing and reconstructing the original program structure.
Fernflower is a Java bytecode decompiler designed to convert compiled Java class files back into human-readable source code. It functions as a bytecode analysis tool that recovers original program logic and structure from compiled binaries. The project includes capabilities for obfuscated identifier resolution to rename ambiguous member elements, ensuring clear identifiers in the resulting source. These features support the analysis of obfuscated code, legacy code recovery, and Java malware analysis for security auditing. The system utilizes a structural analysis pipeline that includes contr
Converts compiled Java class files back into readable source code to recover original program logic.
pyinstxtractor is a PyInstaller executable unpacker and Python bytecode recovery tool. It functions as a helper for decompiling compiled Python binaries by extracting bundled binaries and bytecode from executables created with PyInstaller. The project includes a bytecode decryptor to remove encryption from extracted files and a header repair tool that restores corrupted headers. These capabilities ensure that extracted compiled files are compatible with bytecode decompilation software. The utility covers reverse engineering of Python applications, supporting malware analysis workflows throug
Restores missing magic numbers and versioning information to make extracted bytecode compatible with decompilers.
gdsdecomp is a project recovery suite and game engine reverse engineering toolset. It functions as a bytecode decompiler, binary resource converter, and asset extraction tool designed to reconstruct original directory hierarchies and scripts from compiled binary game assets. The toolset specializes in GDScript bytecode decompilation and compilation, translating compiled bytecode back into human-readable source code or converting source code into executable bytecode for specific engine versions and commit hashes. It includes a game archive patcher to modify project archives by replacing intern
Converts compiled bytecode files back into human-readable source code for various engine versions.
ArchUnit is a Java architecture testing library and automated validator that analyzes compiled bytecode to verify that source code adheres to predefined design rules. It functions as a testing framework that fails builds when the actual code structure violates architectural constraints. The library uses a fluent rule specification to define constraints and employs bytecode analysis to inspect class relationships and package dependencies. This allows for the automated detection of circular dependencies and the enforcement of dependency rules between packages. The tool covers a range of struct
Inspects compiled Java classes to enforce rules regarding package dependencies and class relationships.